Nikolas Sargeant
TL;DR
- Grinex, a Kyrgyzstan-based exchange with ties to Russia, halted trading and withdrawals after a cyberattack stole $15 million in USDT.
- The funds were routed through Tron and Ethereum before being converted into TRX and ETH to avoid being frozen.
Grinex, a Kyrgyzstan-registered cryptocurrency exchange with strong ties to Russia's crypto market, suspended trading and withdrawals on Thursday, following what it described as a "large-scale cyberattack" targeting its wallet infrastructure.
The exchange's website now displays a statement claiming that more than 1 billion rubles (approximately $13.1 million) had been stolen.
In its statement, Grinex framed the incident as a coordinated attack designed "to directly harm Russia's financial sovereignty."
The exchange further stated that the attack used "resources and technologies available exclusively" to hostile state actors, aiming to limit crypto outflows from the region.
Cyberattack Drains $15 Million in USDT
Blockchain analytics firm Elliptic revealed that the stolen funds amounted to around $15 million in USDT, exceeding the $13.1 million originally stated by Grinex.
The stolen USDT was moved through addresses on the Tron and Ethereum networks before being converted into TRX and ETH, likely to avoid freezing by Tether, which can blacklist USDT linked to illicit activities.
Grinex’s own disclosure supports this, showing a wallet with a balance of approximately 45.9 million TRX, worth over $15 million, indicating that the stolen funds were likely consolidated after the initial transfers.
Grinex is widely viewed as the successor to Garantex, a Russian exchange that was sanctioned by U.S. authorities last year for facilitating illicit transactions tied to ransomware and darknet markets.
